
Attack on WiFi-based Location Services and SSL using Proxy Servers


Abstract

Wireless LANs are very common in households and businesses today. They allow access to the home or business network and the Internet without using wires. Their wireless nature gives the user mobility and convenience, which opens up many new possibilities for mobile devices such as smartphones and tablets. One application that makes use of wireless LANs is positioning, which can be used in areas where Global Positioning Systems may have trouble functioning or may not function at all. However, a drawback of wireless communication is that it is susceptible to eavesdropping and jamming. Once the wireless signal is jammed, an attacker can set up fake access points on different channels or frequencies to impersonate a legitimate access point. In this thesis, this attack is performed specifically to trick WiFi-based location services. The attack is shown to work on Skyhook, Google, Apple and Microsoft location services, four of the major location service providers, and on dual-band hardware. Some countermeasures to such an attack are also presented.

The web is an important part of many people's lives nowadays. People expect their privacy and confidentiality to be preserved when they use the web. Previously, web traffic used HTTP, which meant that all traffic was unencrypted and could be intercepted and read by attackers. This is clearly a security problem, so many websites now default to a more secure protocol, namely HTTPS, which uses HTTP with SSL, and force the user to HTTPS if they connect over the non-SSL protocol. SSL works by exchanging keys between the client and server, and the actual data is protected using the key and the cipher suite negotiated between the two. However, if a network uses a proxy server, it works slightly differently. The SSL connection is broken up into two separate ones, and that creates the potential for man-in-the-middle attacks that allow an attacker to intercept the data being transmitted. This thesis analyzes several scenarios in which an adversary can conduct such a man-in-the-middle attack, and potential detection and mitigation methods.

Bibliographic record

  • Author

    Feng Jun Liang;

  • Author affiliation
  • Year 2014
  • Total pages
  • Original format PDF
  • Language of text en
  • Chinese Library Classification
